Senate Cyber Bill Gets Mixed Reviews

Just in time for Valentine’s Day, on Tuesday the Senate released its labor of love, the much-anticipated Cybersecurity Act of 2012, a bipartisan bill aiming to provide the government and private sector with resources to protect the nation’s critical infrastructure from mounting cyber attacks.

As a collaborative effort of members from the Senate Committees on Commerce, Homeland Security and Governmental Affairs, and Intelligence, the bill is being cosponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Cali.).

Breaking down the 205-page bill, the measures included intend to: determine the greatest cyber vulnerabilities; protect the nation’s most critical infrastructure; protect and promote innovation; improve information sharing while protecting privacy and civil liberties; improve the security of the federal government’s networks; clarify the roles of federal agencies; strengthen the cybersecurity workforce; and coordinate cybersecurity research and development.

And while the Senate has touted support from tech industry titans like Cisco, Oracle, TechAmerica and the Business Software Alliance, in addition to the Washington Post, not everyone is on board with the bill.

At a hearing for the legislation held Thursday by the Senate Committee on Homeland Security and Government Affairs (HSGAC), the US Chamber of Commerce’s Thomas Ridge, chairman of the organization’s National Security Task Force, said that the Chamber, representing over three million businesses, would not back the bill in its current form.

“Instead of adding to the regulatory burden, Congress should work to reduce the fragmented rules and bureaucracies placed on industry,” testified Ridge. “The optimal way forward will not be found in layering additional regulations on the business community.”

Meanwhile, not all senators are endorsing the bill either. Joining the session, HSGAC member Sen. John McCain (R-Ariz.) said the legislation is an offshoot of other failed cyber bills introduced year-upon-year and “has already been placed on the calendar by the majority leader, without a single markup or any executive business meeting by any committee of relevant jurisdiction” – a move he called “wrong.”

“To suggest that this bill should move directly to the Senate Floor because it has ‘been around’ since 2009 is outrageous,” said McCain. “In addition to these valid process concerns, I also have policy issues with the bill.”

McCain went on to say he is worried that the proposed act would carry with it high costs for American taxpayers and would ultimately “stymie job-creation.” As a solution, the senator vowed that after the Presidents Day recess, he would introduce an alternative cyber bill, which he said already has the support of seven ranking members of relevant Senate committees.

With the alternative bill coming as a curveball to many on the committee, Chairman Lieberman said he was “disappointed” in McCain’s plan, noting that he and Sen. Collins gave every senator “a fair chance” to incorporate their own measures into their legislation.

But beyond the discord, the Cybersecurity Act did manage to muster support in a trio of testimonies from Department of Homeland Security Sec. Janet Napolitano, Center for Strategic and International Studies cyber fellow James Lewis and Microsoft Vice President Scott Charney.

Suggesting that the bill would give businesses, states and local governments the immunities they need to share information about cyber threats or incidents, Sec. Napolitano told the committee she believes it has made “great progress toward reaching a consensus that will help protect the American people, federal government networks and systems and our nation’s critical infrastructure.”

Likewise, Lewis testified, “This bill has much that is good in it. Other sections, on education, information sharing, research, international cooperation, and on how the federal government secures its systems all make important contributions. Each deserves to be passed. But by themselves, or packaged together as a basket of low hanging fruit, they are inadequate to meet the risks we face today.”

Capping off the HSGAC hearing, Charney commended the committee for addressing cybersecurity, adding that his corporation, Microsoft, supports the new legislation and believes the proposal provides an “appropriate framework” to address the current cyber threats.

“Major emerging economic powers such as China and India are becoming centers of gravity for technology and innovation,” Charney included in his remarks. “Given that the United States will not have the same market forces at play in the future, the United States must seek other means to continue providing global leadership in cybersecurity. I believe that what we have seen from Congress, in its extensive deliberations to craft a statutory response to cybersecurity, provides a solid basis for continued US leadership.”

Charney closed with a quote, “Security remains a journey not a destination.” And thus, with the debates already arising from the Cybersecurity Act of 2012, it seems the journey continues…